Since 2011, General Assembly (GA) has transformed tens of thousands of careers through pioneering, experiential education in today’s most in-demand skills. As featured in The Economist, Wired, and The New York Times, GA offers training in web development, data, design, marketing, and more, both online and at campuses across multiple countries. Our global professional community boasts more than 95,000 full- and part-time alumni — and counting.

In addition to fostering career growth for individuals, GA helps employers cultivate top diverse tech talent and spur innovation by transforming their teams through strategic learning. More than 21,000 employees at elite companies worldwide have honed their digital fluency with our corporate training programs. GA has also been recognized as one of Deloitte’s Technology Fast 500, and Fast Company has dubbed us leaders in World-Changing Ideas as well as the #1 Most Innovative Company in Education.

GA has a remote-friendly culture with offices around the world. If you prefer the office, our headquarters are located in New York City. The GA Information Security Crew embraces a Purple-Team attitude that pulls together tactics and techniques from both Blue-Team and Red-Team playbooks to best secure our internal, customer, and client information.

Responsibilities

• Responsible for implementing and/or assisting cross-functional teams with implementing solutions to assist in the deployment or configuration of information security control and monitoring systems or cloud based solutions designed to implement or enforce the Information Security Management System (ISMS) and its control objectives
• Applying and verifying the application of security controls designed to enforce information security policies, standards, guidelines, and procedures
• Verification of the application of software patches either manually or by scripting in-house solutions
• Configures Web Application Firewall (WAF) rulesets to optimize for protection, detection, and monitoring of malicious activity
• Configures and runs vulnerability scans against infrastructure such as cloud-hosted services, web applications, networking equipment, and workstations
• Configuration of Data Loss Prevention (DLP) solutions
• Configuration, maintenance, and improvement of email security solutions to implement SPF, DKIM, and DMARC as well as anti-phishing and email attachment security
• Configuration and maintenance of cloud-delivered enterprise security software solutions
• Configuration and management of a comprehensive logging and monitoring solution (e.g. SEIM/SIEM technology such as Security Onion)
• Configures and maintains Firewalls and firewall rule sets
• Assists a cross-functional team in the implementation and table-top testing of the Disaster Recovery Plan (DRP)
• Assists with the monitoring of the environment as needed
• Assists with information security investigations as needed
• Assists with the documentation of new and maintenance of existing Information Security Incident Response Playbooks
• Participates in the Incident Response Process
• Assists in testing and development of systems hardening procedures
• Assists in classifying data and systems according to GA Policy
• Assists in the documentation of the GA Threat Landscape through Threat Modeling
• Assists in the internal audit of systems for compliance with Information Security Policy
• Helps to maintain documentation of critical assets, infosec procedures, threat models for data-flows, and evidence of policy compliance as needed
• Assists to ensure that information security risk assessments produce consistent, valid and comparable results
• Works with risk owners to develop acceptable treatment plans
• Responsible for successful application of treatment plans and the documentation of residual risks that have been accepted by risk owners
• Assists in the on-going improvement of the Information Security Management System (ISMS)
• Coordinates between departments and teams to improve the information security stance for the entire company
• Participates in operating and evolving the GA Information Security Awareness Program

Expectations

• Holds at least one current, recognized, information security credential (e.g. CISSP, CEH, eCPPT, eWPT, OSCP, GSEC or any other appropriate SANS GIAC certification)
• Experience with the automation of information security related tasks through scripting
• Experience conducting Vulnerability Assessments
• Experience with the configuration of Web Application Firewalls (WAFs)
• Experience working with Data Loss Prevention (DLP) solutions
• Experience working with Macintosh, Windows, and Linux systems
• Familiar with TCP/IP Networking
• Familiar with network protocol analyzers (e.g. Wireshark)
• Familiar with Penetration testing methodology
• Familiar with Incident Response Techniques
• Familiar with OWASP
• Familiar with MITRE ATT&CK framework
• Familiar with Threat Modeling techniques
• Familiar with Network Security and Vulnerability scanning tools (e.g. Nessus, Nmap, Rapid7 tools, Qualys, etc.)
• Proficient in at least one scripting language (i.e. Python, Bash, Zsh)

The anticipated annualized salary range for this position in the US market is $82,000 and $110,000. Salary will be determined based on experience, education, geographic location, and other factors. If hired as a regular full-time employee, this position will include a variable compensation plan which could be a bonus or a commission.

US benefit offerings for full-time employment may include medical, dental, vision, term life insurance, short-term and long-term disability, additional voluntary benefits, commuter benefits, wellness plans & reimbursement and retirement programs. Available paid leave may include paid time off, parental leave and holiday pay.

The salary range published in this job posting is for US based locations only. Non-US based candidates interested in this position can email talent@generalassemb.ly for country specific pay range details and benefits offered.

Unless otherwise noted, remote positions can be performed from the following approved General Assembly operating countries.

United States of America (states of operation may vary), Canada (provinces of operation may vary), United Kingdom, Australia, and Singapore.

Note From The Remote JobHunters:

• When you apply, be sure to mention that you heard about this position from The Remote JobHunters!
• Looking for more entry-level remote positions? If so, be sure to join The Remote JobHunters Facebook group, Subreddit, and subscribe to our weekly newsletter!